For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

The iconv(3) API allows converting text data from one character set
encoding to another. Applications first open a converter between two
encodings using iconv_open(3) and then convert text using iconv(3).
HZ is an encoding of the GB2312 character set used for simplified
Chinese characters. VIQR is an encoding for Vietnamese characters.

II. Problem Description

A NULL pointer dereference in the initialization code of the HZ module and
an out of bounds array access in the initialization code of the VIQR module
make iconv_open(3) calls involving HZ or VIQR result in an application crash.

III. Impact

Services where an attacker can control the arguments of an iconv_open(3)
call can be caused to crash resulting in a denial-of-service. For example,
an email encoded in HZ may cause an email delivery service to crash if it
converts emails to a more generic encoding like UTF-8 before applying
filtering rules.

IV. Workaround

No workaround is available, but systems that do not process untrusted
Chinese or Vietnamese input are not affected by this vulnerability.